const express = require('express');
const UserController = require('../controllers/user.controller');
const { authenticateToken, authorizeRoles } = require('../middlewares/auth');
const {
  validateUserCreation,
  validateUserLogin,
  validateUserUpdate,
  validatePasswordChange
} = require('../middlewares/validation');

const router = express.Router();

// 公开路由（不需要认证）
/**
 * @route POST /api/users/login
 * @desc 用户登录
 * @access Public
 */
router.post('/login', validateUserLogin, UserController.handleLogin);

// 需要认证的路由
/**
 * @route GET /api/users/profile
 * @desc 获取当前用户信息
 * @access Private
 */
router.get('/profile', authenticateToken, UserController.handleGetCurrentUser);

/**
 * @route PUT /api/users/change-password
 * @desc 修改密码
 * @access Private
 */
router.put('/change-password', 
  authenticateToken, 
  validatePasswordChange, 
  UserController.handleChangePassword
);

// 管理员路由（需要管理员权限）
/**
 * @route POST /api/users
 * @desc 创建新用户
 * @access Private (Admin only)
 */
router.post('/', 
  authenticateToken, 
  authorizeRoles(['admin']), 
  validateUserCreation, 
  UserController.handleCreateUser
);

/**
 * @route GET /api/users
 * @desc 获取所有用户（支持分页和筛选）
 * @access Private (Admin only)
 */
router.get('/', 
  authenticateToken, 
  authorizeRoles(['admin']), 
  UserController.handleGetAllUsers
);

/**
 * @route GET /api/users/:id
 * @desc 根据ID获取用户信息
 * @access Private (Admin only)
 */
router.get('/:id', 
  authenticateToken, 
  authorizeRoles(['admin']), 
  UserController.handleGetUserById
);

/**
 * @route PUT /api/users/:id
 * @desc 更新用户信息
 * @access Private (Admin only)
 */
router.put('/:id', 
  authenticateToken, 
  authorizeRoles(['admin']), 
  validateUserUpdate, 
  UserController.handleUpdateUser
);

/**
 * @route DELETE /api/users/:id
 * @desc 删除用户
 * @access Private (Admin only)
 */
router.delete('/:id', 
  authenticateToken, 
  authorizeRoles(['admin']), 
  UserController.handleDeleteUser
);

module.exports = router;